From 0cfa800770e09f9b7316c6773567486ad749201b Mon Sep 17 00:00:00 2001
From: "srvproxy001.itguys.com.br" <srvproxy001@itguys.com.br>
Date: Mon, 22 Sep 2025 18:30:10 -0300
Subject: [PATCH] =?UTF-8?q?[Auto-Sync]=20Atualiza=C3=A7=C3=A3o=20das=20con?=
 =?UTF-8?q?figura=C3=A7=C3=B5es=20em=20srvproxy001.itguys.com.br=20-=20202?=
 =?UTF-8?q?5-09-22=2018:30:10?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../cloud.grupopralog.com.br.conf             | 101 ++++++++++++++++++
 1 file changed, 101 insertions(+)
 create mode 100644 nginx/sites-available/cloud.grupopralog.com.br.conf

diff --git a/nginx/sites-available/cloud.grupopralog.com.br.conf b/nginx/sites-available/cloud.grupopralog.com.br.conf
new file mode 100644
index 0000000..cf92786
--- /dev/null
+++ b/nginx/sites-available/cloud.grupopralog.com.br.conf
@@ -0,0 +1,101 @@
+# ==============================================================================
+# ARQUIVO DE CONFIGURAÇÃO NGINX PARA NEXTCLOUD E OFFICE ONLINE
+# DOMÍNIO: cloud.grupopralog.com.br
+# AUTOR: Gemini AI (Especialista NGINX)
+# VERSÃO: 4.2 (Corrigido para backend HTTP do Office Online)
+# ==============================================================================
+
+# ------------------------------------------------------------------------------
+# A. UPSTREAMS
+# ------------------------------------------------------------------------------
+upstream nextcloud_backend {
+    server 172.16.253.12;
+}
+
+# UPSTREAM CORRIGIDO: Apontando para o Office Online via HTTP na porta 80
+upstream officeonline_backend {
+    # ATENÇÃO: SUBSTITUA 192.168.X.Y PELO IP INTERNO DO SEU SERVIDOR OFFICE ONLINE
+    server srvoffice001.itguys.com.br;
+}
+
+# ==============================================================================
+# B. BLOCO HTTP: Redirecionar para HTTPS
+# ==============================================================================
+server {
+    listen 80;
+    listen [::]:80;
+    server_name cloud.grupopralog.com.br;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+# ==============================================================================
+# C. BLOCO HTTPS: Servidor Principal
+# ==============================================================================
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name cloud.grupopralog.com.br;
+
+    # ... (suas seções D e E de SSL e parâmetros gerais permanecem as mesmas) ...
+    ssl_certificate /etc/letsencrypt/live/cloud.grupopralog.com.br/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/cloud.grupopralog.com.br/privkey.pem;
+    include /etc/nginx/snippets/ssl_params.conf;
+    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-Permitted-Cross-Domain-Policies none always;
+    add_header X-Robots-Tag "noindex, nofollow" always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    client_max_body_size 10G;
+    access_log /var/log/nginx/access.log detailed_proxy;
+    error_log /var/log/nginx/error.log;
+    include /etc/nginx/snippets/custom_errors.conf;
+    include /etc/nginx/snippets/global_robots.conf;
+
+
+    # --------------------------------------------------------------------------
+    # H. ROTAS ESPECÍFICAS (LOCATIONS)
+    # --------------------------------------------------------------------------
+    location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; }
+    location = /.well-known/caldav  { return 301 $scheme://$host/remote.php/dav; }
+
+    # ==========================================================================
+    # BLOCO DO OFFICE ONLINE CORRIGIDO
+    # ==========================================================================
+    location ~ ^/(m|x|we|wv|op/view) {
+        # MUDANÇA CRÍTICA: Usando http:// para se comunicar com o backend
+        proxy_pass http://officeonline_backend;
+
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https; # IMPORTANTE: Informa que a conexão original era https
+        proxy_set_header X-Forwarded-Host $host;
+    }
+
+    # --------------------------------------------------------------------------
+    # H.2. Rota Principal da Aplicação Nextcloud
+    # --------------------------------------------------------------------------
+    location / {
+        proxy_pass http://nextcloud_backend;
+        # ... (todos os outros parâmetros de proxy que você já tinha) ...
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_http_version 1.1;
+        proxy_connect_timeout 60s;
+        proxy_read_timeout 3600s;
+        proxy_send_timeout 3600s;
+        proxy_buffering off;
+        proxy_request_buffering off;
+    }
+}